This post may contain affiliate links, please read our affiliate disclosure to learn more.
AlphaBay marketplace

AlphaBay: Inside the Infamous Dark Web Marketplace

Author
 By Charles Joseph | Cybersecurity Researcher
Clock
 Published on December 25th, 2022
This post was updated on November 25th, 2023

The dark web is best known for its illicit marketplaces, where enterprising ne’er-do-wells anonymously trade all manner of illegal goods, including drugs, weapons, counterfeit currency, and criminal services for hire.

And for nearly three years, one marketplace, in particular, reigned supreme. AlphaBay boasted hundreds of thousands of users, raked in millions of dollars a year in revenue, and became known as the successor to the notorious, now-shuttered Silk Road.

NordVPN 67% off + 3-month VPN coupon

Stay One Step Ahead of Cyber Threats

Want to Be the Smartest Guy in the Room? Get the Latest Cybersecurity News and Insights.
We respect your privacy and you can unsubscribe anytime.

With that prominence, power, and fortune, however, came immense risk, culminating in a multi-year manhunt spanning six countries and ending in tragedy.

But it seems that the story of AlphaBay may not be over quite yet.

AlphaBay at a Glance

  • Founded in 2014 by a hacker called Alpha02, AlphaBay aimed to replace the Silk Road as the dark web’s leading marketplace of illicit goods.
  • Within a year, AlphaBay had over 200,000 users and was processing hundreds of thousands of dollars worth of sales every day.
  • Law enforcement struggled to track down AlphaBay’s kingpin, but a leaked email address eventually led them to Alpha02’s true identity: Alexandre Cazes.
  • Six countries, including the US and Thailand, formed Operation Bayonet to take down AlphaBay and another dark web marketplace, Hansa, in 2017.
  • Cazes was arrested at his Bangkok home on July 5, 2017, but died by apparent suicide in his jail cell before he could be extradited to the US.
  • In 2021, AlphaBay’s second-in-command, DeSnake, relaunched the site, this time with a stronger focus on anonymity and security.

The Story of AlphaBay

The Silk Road’s Sequel

A silk road

In October 2013, the world was rocked by the news that the Silk Road, a virtual black market and the de facto face of the dark web, had been seized and shut down by the FBI.

For over two years, users anonymously exchanged bitcoin for pills, fake IDs, firearms, stolen credit cards, and other illicit goods. The Silk Road captivated the media and confounded law enforcement, but a series of minuscule slip-ups by its founder, Ross Ulbricht, eventually led the police to arrest him and shutter the site.

Almost immediately, new dark web marketplaces began popping up to replace the Silk Road, but most maintained a low profile, not wanting to meet the same fate as their predecessor.

But there was an exception. AlphaBay launched in September 2014, 11 months after the fall of the Silk Road, and quickly rose to prominence with its claims of better security and improved customer service.

Its founder, Alpha02, was well-known in the hacking community as an expert credit card fraudster, or “carder”. Alpha02 launched AlphaBay with an ambitious goal: to unite the dark web’s then-segregated drug and hacking circles, becoming “the largest eBay-style underworld marketplace.”

To get AlphaBay off the ground, Alpha02 teamed up with another hacker, DeSnake, and focused on a familiar clientele: most of the site’s early listings were for stolen credit cards, malware, data leaks, and other hacker-oriented wares. But as word of the new marketplace spread through the underground, listings for drugs, weapons, and stolen goods poured in as well.

Within 90 days, AlphaBay had amassed over 14,000 users. And by October 2015, it had become the dark web’s largest marketplace, winning over 200,000 customers with its secure escrow system, advanced search tools, and over 21,000 active listings.

The Hunt for Alpha02

Almost as soon as AlphaBay launched, law enforcement agencies began investigating and infiltrating it, hoping to track down its founders and bring them to justice.

But after two years of efforts, the authorities’ actual successes were limited. A handful of individual AlphaBay vendors had been nabbed, but Alpha02 and DeSnake were always one step ahead.

Nothing was known about their identities until November 2016, when a single lead set off a domino effect of explosive discoveries.

By then, AlphaBay was facilitating over $350,000 in sales every day. And with a handsome portion of that revenue going into the founders’ pockets, the earliest days of AlphaBay were the furthest thing from their minds.

But as law enforcement pored through records of AlphaBay’s inception, they discovered that Alpha02 had made a critical error. When the site’s very first users registered, they received welcome emails that mistakenly revealed the founder’s true email address: [email protected].

And pimp_alex_91 had made appearances across the web dating back as far as 2008, often with personal information and selfies attached. One post in particular, on a French tech forum, revealed his full name: Alexandre Cazes.

Closing in on Alpha02

DDoS attacks

A search of the name “Alexandre Cazes” turned up years of posts on various tech, hacking, and programming forums, with one containing the biggest bombshell yet. Many years ago, on a forum now accessible only through the Wayback Machine, Cazes had posted under the username Alpha02.

According to his online profiles, Cazes was originally from Quebec but now lived in Thailand with his fiancee. The 25-year-old frequently posted pictures and videos of himself driving expensive sports cars and roaming his four luxurious mansions, a lifestyle that his purported career as a web designer couldn’t possibly finance alone.

But a secret criminal empire on the dark web certainly could.

All signs so far indicated that Cazes was AlphaBay’s founder, but there was still no definitive proof. So the FBI tried a different tactic: they would attempt to trace the untraceable, following bitcoins along the blockchain to link Cazes and his fortune to AlphaBay.

Cazes had gone to great lengths to obfuscate his bitcoin transactions, routing the money through bitcoin laundering services and frequently changing his wallet addresses. But after months of analyzing transaction fees and transfer patterns, the FBI subpoenaed one of the crypto exchanges used by AlphaBay and found that its wallet was registered to Alexandre Cazes.

The FBI got another boost in May 2017, when they teamed up with Dutch authorities who were trying to take down another dark web marketplace, Hansa. Along with the Thai government, which was tracking Cazes throughout Bangkok, the new coalition adopted a code name: Operation Bayonet.

Capturing Cazes

A hacker gets caught

In June 2017, Cazes was officially indicted on a laundry list of charges: racketeering, narcotics trafficking, identity theft and money laundering, among others.

But the Operation Bayonet team knew from Cazes’ online boasting that his devices were encrypted and equipped with kill switches that could wipe all data from their drives. Without that data, their case against Cazes might not stand, so they needed to stealthily nab Cazes while his devices were open and unlocked.

Over the next several weeks, more countries joined in on Operation Bayonet: Canada, where Cazes was from; the Netherlands and Lithuania, where AlphaBay’s servers were located; and Germany, where the Hansa marketplace was based.

And on July 5, 2017, they put their plan into action.

Offsite agents made an image of AlphaBay’s Lithuanian server, which they were to take offline as soon as an arrest was made, while others staked out Cazes’ house in Bangkok. At the command center, still more agents refreshed one of Cazes’ profiles, waiting for the “currently online” marker to illuminate and inform them that he was at his computer.

But the agents taking a snapshot of the server made a mistake and took it offline prematurely. Worrying that the outage would tip Cazes off and prompt him to wipe his computer, agents drove their car into his front gate, drawing him out of the house and into their grasp before he had a chance to destroy any evidence.

Alpha and Omega

Cazes was arrested and taken to Thailand’s Narcotics Suppression Bureau headquarters, where he awaited extradition to the US.

On Cazes’ laptop, which turned out to be unencrypted after all, investigators found a goldmine of evidence. Cazes was logged into AlphaBay as Alpha02, and he’d also been working on a detailed breakdown of all his assets: $12.5 million in cars and property, $3.3 million in cash, and over $7.5 million in cryptocurrency.

The FBI told Cazes that if he agreed to cooperate with them and serve as an informant, he would get a reduced sentence and potentially be a free man again in his lifetime. Cazes said that he would not make a decision until he discussed the proposal with his lawyer.

But Cazes would never give a definitive answer. On July 12, 2017, he was found dead in his cell with a towel tied around his neck — an apparent suicide by hanging.

Though Cazes’ mother and lawyer suspected foul play, his wife believed the suicide was real, as he’d told her that he’d rather die than be extradited to the US. She was arrested for AlphaBay-related money laundering several days after Cazes’ death and would later spend four years in Thai jail for her role in the enterprise.

But Operation Bayonet wasn’t over yet.

With AlphaBay down and no communication from its admins, users suspected that Alpha02 and DeSnake had pulled an exit scam, taking the money and disappearing forever. They began flocking to Hansa, the other marketplace targeted by Operation Bayonet, boosting its membership by up to 6,000 new users a day.

But Hansa had already been taken over by the Dutch government, which would spend the next several years prosecuting hundreds of Hansa vendors and users. On July 20, 2017, Hansa was shut down for good.

That same day, the US officially announced that it had seized AlphaBay and that its founder, Alexandre Cazes, was dead.

AlphaBay itself, however, would prove much less mortal than its creator.

The Rebirth of AlphaBay

In August 2021, AlphaBay returned to the dark web, this time under the sole helm of its former second-in-command, the still-anonymous DeSnake.

DeSnake promised users that this time, operational security would be the top priority, and that the only accepted form of payment would be Monero, a cryptocurrency widely considered the most difficult to trace. AlphaBay would also be accessible through both Tor and I2P, a more private, less surveilled anonymity layer.

A new system called AlphaGuard was put in place to automatically set up new servers in the event of a takedown and allow users to withdraw funds even if the site is seized. And DeSnake plans to eventually make AlphaBay fully decentralized, further preventing authorities from ever shutting it down for good.

Though many former AlphaBay users suspected that the new incarnation was a honeypot set up by law enforcement, the marketplace is flourishing regardless. As of June 2022, there were over 30,000 listings and 1,300 vendors on the site.

AlphaBay: The Black Market in the Spotlight

At its peak, AlphaBay was ten times larger than the Silk Road: 400,000 users generating $2 million a day in revenue across 369,000 listings.

But at its lowest, it was a tragedy: millions of dollars pocketed by criminals, many customers dead from drug overdoses enabled by the site, and one hubris-riddled founder deceased in his jail cell.

Now, back from the dead, AlphaBay hopes to reestablish itself as the eBay of the dark web. But whether it ever bests its predecessor’s records — or regains its once-storied, now-sullied reputation — remains to be seen.

AlphaBay Is Taking over the Dark Web (Video)

QUOTE:
"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renown computer security professional
Scroll to Top